Skip to content

build: set record provenance in response #2280

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tonistiigi merged 1 commit into from
Apr 11, 2024
Merged

build: set record provenance in response #2280

tonistiigi merged 1 commit into from
Apr 11, 2024

Conversation

@crazy-max
Copy link
Member

@crazy-max crazy-max commented Feb 23, 2024
edited
Loading

follow-up discussion with @tonistiigi
related to #1681

Previously we got containerimage.buildinfo in the metadata file but buildinfo has been removed in BuildKit 0.12 (moby/buildkit#3582): https://github.com/moby/buildkit/blob/master/docs/deprecated.md#build-information

This was useful to see all sources that were used by the build with their exact versions and also the configuration that was passed to the build.

However with the provenance attestation supported since BuildKit v0.11, we have similar (and a "bit" more) information available.

With this change we set the provenance saved along the build record in the metadata file similar to containerimage.buildinfo that is named buildx.build.provenance. Will set minimal provenance by default but can be customized using the BUILDX_METADATA_PROVENANCE env var.

$ cd buildx/
$ BUILDX_METADATA_PROVENANCE=max docker buildx --builder builder bake binaries --metadata-file md.json
...
#19 copying files 56.29MB 0.3s done
#19 DONE 0.3s

#20 resolve build record provenance
#20 DONE 0.0s

md.json

$ cd buildx/
$ BUILDX_METADATA_PROVENANCE=max docker buildx --builder builder bake binaries-cross --metadata-file md.json
...
#28 copying files darwin/amd64 63.37MB 2.8s done
#28 copying files darwin/arm64 63.25MB 2.8s done
#28 DONE 2.8s

#29 resolve build record provenance
#29 DONE 0.0s

md.json

$ cd buildkit/
$ BUILDX_METADATA_PROVENANCE=max docker buildx --builder builder bake binaries --metadata-file md.json
...
#89 [integration-tests-base 18/18] COPY --link --from=binaries / /usr/bin/
#89 merging 1.8s done
#89 DONE 1.9s

#90 [integration-tests 1/1] COPY . .
#90 DONE 1.5s

#91 resolve build record provenance
#91 DONE 0.1s

md.json

@crazy-max

This comment was marked as resolved.

Sign in to view
crazy-max
crazy-max commented Feb 23, 2024
View reviewed changes
@crazy-max crazy-max force-pushed the provenance-metadata branch 3 times, most recently from 436f6c4 to 4a00e0f Compare February 24, 2024 14:03
@crazy-max crazy-max mentioned this pull request Feb 24, 2024
Merged
@crazy-max crazy-max force-pushed the provenance-metadata branch 6 times, most recently from eb6347c to e0256b6 Compare February 28, 2024 09:24
@crazy-max crazy-max marked this pull request as ready for review February 28, 2024 09:41
crazy-max
crazy-max commented Feb 28, 2024
View reviewed changes
dvdksn
dvdksn reviewed Feb 28, 2024
View reviewed changes
@crazy-max crazy-max requested a review from dvdksn February 28, 2024 12:26
@crazy-max crazy-max marked this pull request as draft February 29, 2024 08:36
@crazy-max crazy-max marked this pull request as ready for review February 29, 2024 11:46
@crazy-max

This comment was marked as off-topic.

Sign in to view
@crazy-max crazy-max force-pushed the provenance-metadata branch 6 times, most recently from a1e68ca to b3585e6 Compare March 8, 2024 08:51
@crazy-max crazy-max force-pushed the provenance-metadata branch from 9e35c6d to ad85d2f Compare March 27, 2024 17:34
@crazy-max
Copy link
Member Author

crazy-max commented Mar 27, 2024
edited
Loading

@tonistiigi Updated to strip buildConfig and metadata from provenance if BUILDX_METADATA_PROVENANCE sets to min. Mode max sets full provenance. Let me know if defaulting to min would be good. Atm it doesn't set provenance at all.

@crazy-max crazy-max force-pushed the provenance-metadata branch from ad85d2f to f0b31ce Compare March 27, 2024 17:43
@crazy-max crazy-max added this to the v0.14.0 milestone Apr 5, 2024
@crazy-max crazy-max force-pushed the provenance-metadata branch from f0b31ce to eba0b61 Compare April 9, 2024 11:00
tonistiigi
tonistiigi reviewed Apr 10, 2024
View reviewed changes
@crazy-max crazy-max force-pushed the provenance-metadata branch 3 times, most recently from 4e034e5 to 29890fa Compare April 10, 2024 19:05
@crazy-max crazy-max requested a review from tonistiigi April 10, 2024 19:05
tonistiigi
tonistiigi reviewed Apr 11, 2024
View reviewed changes
@crazy-max crazy-max force-pushed the provenance-metadata branch 3 times, most recently from 5e29d4b to fde233d Compare April 11, 2024 07:37
@crazy-max
build: set record provenance in response
2e2f9f5 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
@crazy-max crazy-max force-pushed the provenance-metadata branch from fde233d to 2e2f9f5 Compare April 11, 2024 08:11
@crazy-max crazy-max mentioned this pull request Apr 11, 2024
Merged
@tonistiigi tonistiigi merged commit 3e90cc4 into docker:master Apr 11, 2024
@crazy-max crazy-max deleted the provenance-metadata branch April 11, 2024 14:32
This was referenced Jun 11, 2024
Closed
Merged
@crazy-max
Copy link
Member Author

crazy-max commented Jun 21, 2024

@dvdksn Forgot to add docs-followup label on this one 🙈 for BUILDX_METADATA_PROVENANCE env var that should be added in https://docs.docker.com/build/building/variables/#build-tool-configuration-variables

@crazy-max crazy-max mentioned this pull request Jun 25, 2024
Merged
@crazy-max crazy-max mentioned this pull request Feb 18, 2025
Merged
3 tasks
aevesdocker pushed a commit to docker/docs that referenced this pull request Feb 18, 2025
@crazy-max
buildx: metadata envs (#22049)
7c42a9f 
<!--Delete sections as needed -->

## Description

Missing documentation for buildx metadata envs

## Related issues or tickets

follow up:
* docker/buildx#2280
* docker/buildx#2551

## Reviews

<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->

- [ ] Technical review
- [ ] Editorial review
- [ ] Product review

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tonistiigi tonistiigi tonistiigi approved these changes

@dvdksn dvdksn Awaiting requested review from dvdksn

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v0.14.0

Development

Successfully merging this pull request may close these issues.

3 participants

@crazy-max @tonistiigi @dvdksn